feat: Sprint 1 — backend fondations TetaRdPG

Auth SuperOAuth (JWT validation + httpOnly cookie), entités users/characters/level_thresholds, lazy calculation endurance, seed 100 niveaux, config prod-ready (trust proxy, helmet, CORS, rate limit). Validé : health 200, auth flow, character CRUD, endurance lazy, 401 sans cookie.
2026-03-15 05:51:02 +01:00
commit da3237bf3f
29 changed files with 7249 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,18 @@
+PORT=4000
+NODE_ENV=development
+
+# PostgreSQL
+DATABASE_URL=postgresql://tetardpg:password@localhost:5432/tetardpg
+
+# Redis
+REDIS_URL=redis://localhost:6379
+
+# Frontend CORS (virgule-séparé pour multi-origin)
+FRONTEND_URL=http://localhost:5173
+
+# SuperOAuth — service externe d'authentification
+SUPER_OAUTH_URL=http://localhost:3000
+SUPER_OAUTH_JWT_SECRET=
+
+# Cookie signing
+COOKIE_SECRET=